Lessons in cybersecurity, Part I

Posted on February 18, 2022 security stories

Here's a little story from the trenches, from far far away, when I was a kiddo learning my way through webservers, PHP and vulnerable (pirated) bulletin board software.

👋🏻 Intro

A long time ago around 200* something, I was really interested in game hacking related topics and somehow I got in charge of a big forum in the niche. That was my first intro to PHP and anything web related and while being quite good in C++/assembly and having some knowledge of how to breach software security I had stumbled into a fresh new world.

The forum software we were using at the time (it came before my reign to power 😅) was an old, pirated version of vBulletin, sitting on a Dreamhost shared server using PHP 4 something. I was writing code by downloading the files I needed to edit via FTP, making my changes in Notepad++ and then uploading them back, and so on a dozen times until it worked. This all happened while users were online. The good times of the mono dev-testing-production environments <3

☕ The morning wake-up call

The actual story begins one morning when I woke up like any other day, got to my desk and checked my beloved community as I did every day. But strangely, this time it was different: a black webpage appeared, with red text and a funky “hacker” image. I checked the URL again, it was correct ... panic!

Not the actual image but something similar. Source: sucuri.net

I quickly jump to my trusty FTP client and open the website’s root folder. I notice that all the files are still there; it seemed that just the index.php file had been replaced. And because I knew no better, I simply replaced the index.php with one I had in backups.

Crisis averted, everything fixed. I even tried my best to change the passwords around and I even upgraded the forum software to the latest version (that I could find), time to move on and see about my day, thinking everything is well and life is nice again. Narrator voice: things weren’t well and life would not be nice for long.

🕛 Next morning, deja-vu

Same as the day before, same routine, same hacked website, same defaced homepage. 😭 I was having a deja-vu, I thought I fixed it, how could it be? Well, it be. I go through the same steps as the day before, I upload my index.php back and go with my day.

This weird dance continued for a couple of days.

🛡️ The guardian cron job

Finally, fed up with doing this whole dance every morning, I came up with my brilliant solution (or so I thought at the time). I thought I should automate this, so I created a script that checked the hash of index.php and compared it to a well-known hash of the original file; if the hashes differed, it would copy and replace the whole forum software with the “good one”. I threw that in a cron job that ran my checker script every couple of minutes.

It worked! The homepage never got defaced again, well, I never saw it get defaced again 😅.

In retrospect, there’s more that I could’ve done, a lot more, but at the same time I was limited by the tools at hand and, more importantly, my knowledge. Given the website was on shared hosting, there was not much under my control, but I could have at least looked into the root cause a bit more, investigated and tried to understand what happened before applying my brute-force fix.
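An added example, not the script from this story: a Python version of the same cron-style check, extended from index.php to the whole web root, which sets aside a copy of every changed or unexpected file before restoring so there is still something to investigate afterwards. The directory layout, file names and function names are assumptions, and the sample trees are constructed.

```python
import hashlib, shutil, tempfile
from pathlib import Path

def sha256_of(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def build_manifest(root):
    """Relative path -> SHA-256 for every file under root."""
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in root.rglob("*") if p.is_file()}

def audit(root, baseline):
    """Diff the live tree against the known-good manifest."""
    current = build_manifest(root)
    return {
        "modified": sorted(f for f in current if f in baseline and current[f] != baseline[f]),
        "added": sorted(f for f in current if f not in baseline),
        "missing": sorted(f for f in baseline if f not in current),
    }

def quarantine_and_restore(root, clean, evidence, report):
    """Copy tampered and unknown files aside for analysis, then restore."""
    for rel in report["modified"] + report["added"]:
        dest = evidence / rel               # evidence dir must live outside the web root
        dest.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(root / rel, dest)      # copy2 keeps the mtime for log correlation
    for rel in report["added"]:
        (root / rel).unlink()               # not part of the known-good install
    for rel in report["modified"] + report["missing"]:
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(clean / rel, root / rel)

def demo():
    """Constructed sample trees: a clean copy and a tampered live copy."""
    tmp = Path(tempfile.mkdtemp())
    clean, live, evidence = tmp / "clean", tmp / "live", tmp / "evidence"
    (clean / "includes").mkdir(parents=True)
    (clean / "index.php").write_text("<?php // forum home\n")
    (clean / "includes" / "config.php").write_text("<?php // settings\n")
    baseline = build_manifest(clean)
    shutil.copytree(clean, live)
    (live / "index.php").write_text("<html>defaced</html>\n")
    (live / "uploads").mkdir()
    (live / "uploads" / "unknown.php").write_text("<?php // not in baseline\n")
    before = audit(live, baseline)
    quarantine_and_restore(live, clean, evidence, before)
    return before, audit(live, baseline), build_manifest(evidence)

if __name__ == "__main__":
    print(demo())
```

A check limited to index.php would have reported nothing about the second file in the constructed tree; the quarantined copies and their timestamps are what can be lined up against the server's access logs.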

Overall this was a good lesson and a good start into cybersecurity, it was the spark that lit my curiosity for this field.

GBrowse selected lines and copy to clipboard

Posted on February 15, 2022 development git vim

When talking with colleagues over chat about certain parts of the code it’s very helpful to show and give context as quickly as possible.

Here’s a way to quickly copy a link to GitHub (or GitLab) of the current visual selection in Vim. You need vim-fugitive installed and an upstream provider.

vim-fugitive provides the :GBrowse command while vim-rhubarb or shumphrey/fugitive-gitlab.vim know how to handle the upstream provider.

After installing those plugins, using the :GBrowse command should open the current file in GitHub/GitLab. To make it work for a visual selection of lines, the following can be used.

:'<,'>GBrowse!

Also to make things simpler and faster, I have it re-mapped to gb as follows:

vnoremap gb :'<,'>GBrowse!

That’s it!

Hello world, again❗

Posted on August 26, 2021 ramblings

Well well well ... here I go again!

Another attempt at something that should resemble a personal blog, after more than 14 years in the system and more than 5 attempts, hopefully this is the one that lasts.

This blog (whole website) is custom written in Go and it uses Notion as the content database, which allows me to write and publish content from almost anywhere, including my phone.

Previously I’ve used everything, from index.php to WordPress and static site generators like Jekyll and Hugo. Hugo is the one I liked the most, for how fast and simple it was to use, and it helped that it is written in Go. But at the same time I felt I was fighting it a lot while trying to add anything extra; customisation was a pain and writing was not as frictionless as it is now.

I am hoping I can open-source the Notion-2-HTML system I have now, sometime in the future.

See you around!